What is mTLS and How Does it Work?
What is TLS?
Before reaching our goal of understanding mTLS, we need to understand regular TLS. There are tons of resources out there that vary in technical depth. My goal here is familiarization, not mastery (which requires a deep understanding of cryptography and of various standards such as X.509). If you are aiming for mastery, I suggest looking into a course or a good book. If you are hoping to become familiar with the basic ideas and terminology, look no further!
You have already used TLS hundreds of times today. Any website you visit with https as the protocol is making use of TLS. The server has used asymmetric encryption to encrypt your requests (providing confidentiality) and has also proven its identity to you, so that you can be confident that it was actually Google that answered your request on https://www.google.com, and not your malicious neighbor who likes to hack you.
Before we proceed further, let’s briefly talk about SSL and how it relates to TLS (the two are often confused). SSL was the predecessor of TLS and is deprecated. However, you will sometimes see SSL and TLS used interchangeably where technical precision is not paramount, or to support legacy implementations (for example, Nginx variables often include “ssl” in their names, even though it is actually TLS that is being used).